package com.gzy.demo1.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;


@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    JWTUserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().disable();

        http .csrf()
                .disable();
        http.rememberMe().disable();
        // 禁用缓存
        http.headers().cacheControl().disable();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);


        http.authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                // 任何  OPTIONS 放行
                .antMatchers(HttpMethod.POST, "/login").permitAll()
//                .antMatchers("/test3").permitAll()
//                .antMatchers("/user/*").hasRole("USER")
//                .antMatchers("/admin/*").hasRole("ADMIN")
//                .antMatchers("/super_admin/*").hasRole("SUPER_ADMIN")
//
//

                .anyRequest().authenticated()
        // 任何 请求都需要进行 身份验证
        ;

//        http.addFilter(new JWTLoginFilter(authenticationManager()))
//                .addFilter(new JWTAuthenticationFilter(authenticationManager(),userDetailsService));
        http.addFilter(new JWTAuthenticationFilter(authenticationManager(),userDetailsService));

    }
}
